net-security.org Archives - 03 March 2015, Tuesday

UK-based bitcoin exchange Bitstamp has temporarily suspended its service in the wake of an attack. "We have reason to believe that one of Bitstamp's operational wallets was compromised on January 4th, 2015," they shared on the exchange's website. "As a security precaution against compr...

The latest massive email phishing campaign targeting Bitcoin users has had an unexpected click-through rate. The spam campaign came in two waves, and of the 12,000 messages detected by SaaS vendor Proofpoint, the overwhelming majority were directed to email addresses belonging to members of orga...

Successful strategies to avoid frequent password changes Posted on 19 August 2014. | After a widespread, nonspecific data breach, the conventional wisdom is that people should change all their passwords. But there's a better way. 1 BGP hijacking for cryptocurrency profit Posted on 19...

Bitcoin Core - as the Bitcoin infrastructure software has been renamed in order to avoid confusion with the Bitcoin network - has been updated to make, among other things, transaction ID malleability attacks more difficult to execute. Five fixes that address this specific issue...

Related:

Here's an overview of some of last week's most interesting news and articles: Account details of 27,000 Barclays customers stolen, sold to brokers (In)famous UK-based multinational bank Barclays has been hit this Friday with claims that someone has stolen personal and financial inform...

A Bitcoin-stealing Trojan that targets Mac users has been spotted being offered on several download websites such as CNET's Download.com and MacUpdate.com, as well as masquerading as precompiled binaries in several GitHub projects. The malware's initial variant installs browser extens...

Users of popular Bitcoin exchanges are being actively targeted by cyber crooks looking to syphon funds out of their digital wallets. When cyber crooks are looking to infect as many Internet users as possible with Bitcoin mining software, they usually start a wide-reaching, generic spam campaign. ...

continues to rise, a lot of people are trying to cash in on the craze. Some do it legally, by getting their own machines to perform the calculations required, and others try to make other users' machines do it for them. This latter option is usually performed illegally, by installing ...

Copenhagen-based Bitcoin Internet Payment Services (BIPS) has been hit with a DDoS attack and has had 1,295 BTC stolen (a little over $1M), mostly from the company's own holdings but some from their customers' wallets. On November 15th BIPS was the target of a massive DDoS attack, wh...

Another bitcoin exchange has shut down, taking approximately $4.1 million worth of its clients' bitcoins with it and, according to CoinDesk, foul play by its operator is suspected. The name of the exchange is Global Bond Limited (GBL), and it was launched in May 2013. Despite being...

A daring hack and heist targeting online Bitcoin wallet service Inputs.io has resulted in the theft of 4,100 Bitcoins (currently over $1.3 million) and has left some of the users extremely disgruntled. Indeed, some of them are even accusing the owner of being behind the hack himself. ...

It has been an eventful time in the mobile world with two recent breaking stories revealing vulnerabilities in the security infrastructure for Android and iOS respectively. While vastly different in their nature, both point to a fundamental lesson that CISOs in an increasingly mobile ...

The Bitcoin Foundation has issued a security advisory warning users that have generated their Bitcoin wallet with an Android app that their Bitcoins can be easily stolen. The problem lies with the Android implementation of the Java SecureRandom class which, according to Google softwar...
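Two of the items above come down to properties of ECDSA over secp256k1 that are easy to state but rarely shown: the Bitcoin Core update that makes transaction ID malleability harder, and the Android SecureRandom advisory. The following is an added example written for this page, not code from Bitcoin Core, the Bitcoin Foundation or Google. Part 1 signs a constructed transaction, flips the signature to its (r, N - s) twin, and shows that both verify while the txid changes; Bitcoin Core's countermeasure was to treat only the low-S form as standard. Part 2 signs two messages with the same nonce, which is what a random number generator that repeats output produces, and recovers the private key from the pair. The key, nonce, outpoint, output script and the hashes standing in for the sighash are all constructed for the demo; the transaction serialization is a plain legacy one-input, one-output layout.

```ruby
require 'digest'

# secp256k1, the curve Bitcoin uses; nil stands for the point at infinity.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = [0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8].freeze

def inv(a, m); a.pow(m - 2, m); end # modular inverse via Fermat (m is prime)

def ec_add(p, q) # affine point addition
  return q if p.nil?
  return p if q.nil?
  (x1, y1), (x2, y2) = p, q
  if x1 == x2
    return nil if (y1 + y2) % P == 0
    l = 3 * x1 * x1 * inv(2 * y1, P) % P
  else
    l = (y2 - y1) * inv((x2 - x1) % P, P) % P
  end
  x3 = (l * l - x1 - x2) % P
  [x3, (l * (x1 - x3) - y1) % P]
end

def ec_mul(k, pt) # double-and-add scalar multiplication
  r = nil
  while k > 0
    r = ec_add(r, pt) if k.odd?
    pt = ec_add(pt, pt)
    k >>= 1
  end
  r
end

def ecdsa_sign(priv, z, k) # k is the per-signature nonce, z the message hash
  r = ec_mul(k, G)[0] % N
  [r, inv(k, N) * (z + r * priv) % N]
end

def ecdsa_verify(pub, z, sig)
  r, s = sig
  return false unless r.between?(1, N - 1) && s.between?(1, N - 1)
  w = inv(s, N)
  pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
  !pt.nil? && pt[0] % N == r
end

# Part 1: (r, N - s) is a second valid signature for the same key and message,
# so a relay node can rewrite a signed transaction and change its txid.
def malleate(sig); [sig[0], N - sig[1]]; end
def low_s?(s); s <= N / 2; end # the only form Bitcoin Core treats as standard

def der(r, s) # DER encoding as it appears inside a scriptSig
  enc = lambda do |i|
    b = [i.to_s(16).rjust(64, '0')].pack('H*').bytes.drop_while(&:zero?)
    b.unshift(0) if b[0] >= 0x80 # keep the integer positive
    "\x02".b + [b.size].pack('C') + b.pack('C*')
  end
  body = enc.call(r) + enc.call(s)
  "\x30".b + [body.bytesize].pack('C') + body
end

def serialize_tx(sig_der, pubkey) # constructed one-input, one-output legacy tx
  push = ->(d) { [d.bytesize].pack('C') + d }
  script_sig = push.call(sig_der + "\x01".b) + push.call(pubkey) # SIGHASH_ALL
  p2pkh = "\x76\xa9\x14".b + ("\x22".b * 20) + "\x88\xac".b     # fake pubkey hash
  # version, input count, constructed outpoint, scriptSig, sequence
  raw = [1].pack('V') + "\x01".b + ("\x11".b * 32) + [0].pack('V') +
        push.call(script_sig) + "\xff\xff\xff\xff".b
  # output count, 50,000 sat value, script, locktime
  raw + "\x01".b + [50_000].pack('Q<') + push.call(p2pkh) + [0].pack('V')
end

def txid(raw) # double SHA-256, shown byte-reversed as explorers print it
  Digest::SHA256.digest(Digest::SHA256.digest(raw)).reverse.unpack1('H*')
end

# Part 2: two signatures with the same nonce, which a broken SecureRandom hands
# out, give away k and with it the private key.
def recover_priv(z1, sig1, z2, sig2)
  r, s1 = sig1
  k = (z1 - z2) * inv((s1 - sig2[1]) % N, N) % N # s1 - s2 = k^-1 (z1 - z2)
  (s1 * k - z1) * inv(r, N) % N                  # s1 = k^-1 (z1 + r*priv)
end

PRIV = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD # constructed key
K    = 0x5A3F2C7B9E1D4A6C8B0F3E2D1C4A5B6E7F8091A2B3C4D5E6F708192A3B4C5D6E # constructed nonce

def demo
  pub = ec_mul(PRIV, G)
  pubkey = [pub[1].odd? ? 3 : 2].pack('C') + [pub[0].to_s(16).rjust(64, '0')].pack('H*')
  z1 = Digest::SHA256.hexdigest('constructed sighash 1').to_i(16) # stand-in for a sighash
  z2 = Digest::SHA256.hexdigest('constructed sighash 2').to_i(16)
  sig_a = ecdsa_sign(PRIV, z1, K)
  sig_b = malleate(sig_a)
  sig_c = ecdsa_sign(PRIV, z2, K) # same nonce reused on a different message
  { both_verify: ecdsa_verify(pub, z1, sig_a) && ecdsa_verify(pub, z1, sig_b),
    txid_a: txid(serialize_tx(der(*sig_a), pubkey)),
    txid_b: txid(serialize_tx(der(*sig_b), pubkey)),
    low_s_count: [sig_a, sig_b].count { |_, s| low_s?(s) },
    key_recovered: recover_priv(z1, sig_a, z2, sig_c) == PRIV }
end

puts demo if $PROGRAM_NAME == __FILE__
```

Running it prints two different txids for the same economic transaction, exactly one of the two signatures passing the low-S check, and `key_recovered: true`. The practical reading of part 2 is that an ECDSA signer is only as strong as its nonce source: a wallet whose random number generator can repeat output has effectively published its private key the moment it signs twice.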

The Securities and Exchange Commission charged a Texas man and his company with defrauding investors in a Ponzi scheme involving Bitcoin , a virtual currency traded on online exchanges for conventional currencies like the U.S. dollar or used to purchase goods or services online. The S...

The Bitcoin Foundation has received a cease and desist letter from the California Department of Financial Institutions, saying that they have been informed that the organization "may be engaged in the business of money transmission without having obtained the license or proper authori...

Related:

exchange in the world, and as such it and its users are being repeatedly targeted by attackers. Some two months ago, it battled a massive DDoS attack that was likely aimed at destabilizing the virtual currency and allow the criminals to profit from the swings. Now, according to Symant...

Here's an overview of some of last week's most interesting news, reviews and articles: Info of 50M LivingSocial customers compromised following breach LivingSocial, the company behind the eponymous deal-of-the-day website, has confirmed that its computer systems have been breached by ...

Bitcoin is a digital currency whose creation and transfer is based on an open source cryptographic protocol. There are many benefits to using it (low transaction fees, pseudonymous payments, etc.), but there are also risks involved. The first Bitcoins were created in 2009, and their initi...

Mt.Gox, the world's largest bitcoin exchange, was taken offline earlier today by what appears to be a "strong DDoS attack". "We are working hard to overcome it and will update when possible. It's currently 2am in Japan so please forgive us if our Facebook/Twitter updates are not as quic...

BitInstant, one of the online Bitcoin exchange services, was down and inaccessible from Thursday evening to Monday due to a "sophisticated attack," which resulted in a loss of $12,480 in Bitcoins, but luckily no user data compromise. "We've long been targeted by someone using soc...

Cisco shows the global picture of information security Posted on 31 January 2013. | Cisco released findings from two global studies that provide a vivid picture of the rising security challenges that businesses, IT departments and individuals face. 1 Aerospace and defense firms target...

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code...

For the second week in a row since the start of the new year, users of open source web application framework Ruby on Rails are advised to upgrade to the newly offered versions immediately due to serious vulnerabilities present in previous ones. Last week it was an SQL injection vulner...
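The Rails flaw above is a typecasting problem: an XML parameter document could carry a type="..." attribute, and two of the casts the framework honoured (yaml and symbol) handed attacker-controlled text to interpreters that create arbitrary Ruby objects. The following is an added illustration written for this page, not Rails code: a toy parameter parser with the request-chosen cast table beside a hardened table from which the two casts are simply removed, which is what the Rails fix did. `AuditRecord`, the tag names and the request body are constructed for the demo; the XML extraction is a regex over leaf elements rather than a real XML parser.

```ruby
require 'psych'

# Constructed stand-in for any class already loaded in the application;
# the attacker only has to name it in a YAML tag.
class AuditRecord
  attr_accessor :name, :note
end

# The dangerous document: its tag tells an unsafe loader which class to instantiate.
OBJECT_YAML = "--- !ruby/object:AuditRecord\nname: injected\nnote: built by the parser\n".freeze

# Casts selected by the type="..." attribute of an XML parameter element. The
# vulnerable table models the bug: the request picks the cast, and the symbol and
# yaml entries turn untrusted text into Symbols and arbitrary objects.
VULNERABLE_CASTS = {
  'integer' => ->(t) { Integer(t) },
  'boolean' => ->(t) { t == 'true' },
  'symbol'  => ->(t) { t.to_sym },
  'yaml'    => ->(t) { Psych.respond_to?(:unsafe_load) ? Psych.unsafe_load(t) : Psych.load(t) }
}.freeze

# Hardened table: the symbol and yaml casts no longer exist, so a request asking
# for them just gets its text back as a String.
HARDENED_CASTS = VULNERABLE_CASTS.reject { |type, _| %w[symbol yaml].include?(type) }.freeze

# Minimal extraction of <name type="t">text</name> leaves; an element with no
# type, or an unknown one, stays a plain string.
def typed_params(xml, casts)
  xml.scan(%r{<(\w+)(?: type="(\w+)")?>([^<]*)</\1>}).map { |name, type, text|
    cast = casts[type]
    [name, cast ? cast.call(text) : text]
  }.to_h
end

def vulnerable_parse(xml); typed_params(xml, VULNERABLE_CASTS); end
def hardened_parse(xml); typed_params(xml, HARDENED_CASTS); end

# Where YAML input genuinely must be accepted, the safe loader refuses object tags.
def rejects_object_tag?(yaml)
  Psych.safe_load(yaml)
  false
rescue Psych::DisallowedClass
  true
end

# Constructed request body: one benign field and two that exercise the unsafe casts.
PAYLOAD_XML = <<~XML.freeze
  <count type="integer">3</count>
  <role type="symbol">admin</role>
  <record type="yaml">#{OBJECT_YAML}</record>
XML

if $PROGRAM_NAME == __FILE__
  v = vulnerable_parse(PAYLOAD_XML)
  puts "vulnerable: record is #{v['record'].class}, role is #{v['role'].inspect}"
  h = hardened_parse(PAYLOAD_XML)
  puts "hardened:   record is #{h['record'].class}, role is #{h['role'].inspect}"
end
```

With the vulnerable table the `record` parameter comes back as a live `AuditRecord` built by the YAML loader and `role` as a Symbol; with the hardened table both are Strings and only the integer cast survives. The same two-table structure is the general fix for any deserializer that lets the request choose the decoder: enumerate the casts you intend to support and treat everything else as opaque text.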

Three new versions of popular open source web application framework Ruby on Rails have been released on Wednesday in order to fix an SQL injection vulnerability that affected all the previous versions of Rails. "Due to the way dynamic finders in Active Record extract options from meth...

Malware almost always comes in disguise, but some malware peddlers try to do a better job than others. Trend Micro researchers have recently uncovered a piece of malware that tried to pass itself off as "Trend Micro AntiVirus Plus AntiSpyware" (click on the screenshot to enlarge it): ...

is an anonymous general purpose operating system based on VirtualBox, Ubuntu GNU/Linux and Tor. By design, IP and DNS leaks are impossible: not even malware with root rights can find out the user's real IP/location. Whonix consists of two machines, which are connected through ...

is a hacked-together Ruby script that can consume Nessus 2 files with the help of an updated ruby-nessus gem. Prenus allows output in a few different formats, including: static HTML files with jQuery DataTables and Highcharts graphs; an XLS file (actually an HTML table with an .xls ex...